Re: Other possible protection against RST/SYN attacks (was Re: TCP RST attack
From: Tillman Hodgson (tillman_at_seekingfire.com)
Date: 04/21/04
- Previous message: Don Lewis: "Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)"
- In reply to: Gary Corcoran: "Re: Other possible protection against RST/SYN attacks (was Re: TCP RST attack"
- Next in thread: Gary Corcoran: "Re: Other possible protection against RST/SYN attacks (was Re: TCP RST attack"
- Reply: Gary Corcoran: "Re: Other possible protection against RST/SYN attacks (was Re: TCP RST attack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 21 Apr 2004 15:44:45 -0600 To: freebsd-security@freebsd.org
On Wed, Apr 21, 2004 at 05:18:26PM -0400, Gary Corcoran wrote:
> Charles Swiger wrote:
> >The default TTL gets decremented with every hop, which means that a
> >packet coming in with a TTL of 255 had to be sent by a directly
> >connected system. [ip_ttl is an octet, so it can't hold a larger TTL
> >value.]
>
> Huh? 255-- == 254, not 0. A TTL of 255 just allows the maximum possible
> number of hops, before being declared hopelessly lost.
Exactly -- if you see an incoming packet with a TTL of 255, it must've
originated on a directly connected system /or it would've already been
decremented to 254 or lower/.
-T
-- "Beware of he who would deny you information, for in his heart he dreams himself your master."
- application/pgp-signature attachment: stored
- Previous message: Don Lewis: "Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)"
- In reply to: Gary Corcoran: "Re: Other possible protection against RST/SYN attacks (was Re: TCP RST attack"
- Next in thread: Gary Corcoran: "Re: Other possible protection against RST/SYN attacks (was Re: TCP RST attack"
- Reply: Gary Corcoran: "Re: Other possible protection against RST/SYN attacks (was Re: TCP RST attack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
